Dear Lifehacker, I've followed your guide to building a home server with FreeNAS, but I'm not sure what to do with the permissions on my files. Can I just set them all to 777, or is that insecure? This stuff is like Chinese to me, help!

Sincerely, Perplexed by Permissions

Dear Perplexed, You are not alone. In fact, I was pretty confused by file permissions for a long time, but it's actually very simple! Here's why you should care, and how to understand the permissions that keep your files safe.

Note: This is a very large topic, and there's no way we could cover everything here. For now, we're going to focus on UNIX permissions—that is, permissions on Mac, Linux, and FreeBSD systems (like FreeNAS), and start with just the basics.

Why File Permissions Matter

You may think a good Wi-Fi password is all you need to keep your data from getting tampered with, but as we've shown you before, it's very easy to hack into a Wi-Fi network. So, even though it's unlikely to happen, you should make sure your files aren't out in the open for anyone to steal—especially if you have more sensitive information on your server (like backups of your computer, which can contain any number of important things).

Furthermore, if you're sharing files within a household, it's important to make sure certain family members can't tamper with files that aren't theirs. You don't want to wake up one day only to find out that your child accidentally deleted everything on your server because it was wide open for him or her to access, or that your not-so-tech-savvy spouse moved around all your movies so your home theater PC can't find your library. A little tweaking can go a long way, and make sure your files are safe from any and all horrible situations.

The Players: Owners, Groups, and the Public

For all UNIX systems (Mac OS X, Linux, and FreeBSD—which is what FreeNAS uses), permissions work in generally the same way. Each file and folder has an owner and a group assigned to it, which decides who is allowed to access that file. The owner is the only user who can change permissions, and traditionally they have full access to the files (that is, they can read and write). Another group of users may have separate permissions (perhaps they can only read the files), and everyone else may have different permissions (maybe they can't see the files at all).

This allows you to easily dole out permissions to the household. Say you, the owner of the files, want full access, but you don't want the rest of the family to be able to write or delete those files. You, the owner, can have full permissions: you can read it, write to it, and execute it (that is, open a folder or run a program). If you want the rest of your family to only read the files, you can assign the group "Family" to those files and give it read-only permissions.

First Things First: Create Users and Groups

Before you start, you'll want to make sure you actually have users and groups on your system to which you can give these permissions. Usually, this is best done through the Users and Groups setting of your operating system—Linux, OS X, or FreeNAS. Add users for each person in your household, and create any groups you want—like a "family" group—and add the necessary users to that group. For example, if your name is Donald, you'd create a user called donald, as well as a user for your girlfriend daisy and your live-in nephews huey, dewey, and louie. All of those users would be a part of a group called family.

How to Change the Owner of a File

The easiest way to change permissions is through the command line (as GUI options can often be limited or confusing). Let's take a simple example. I have a folder of movies on my hard drive, located at /mnt/Media. To see who owns those files and what group is assigned to them, I can just run the following two commands:

cd /mnt/Media
ls -l

The first command moves me to that folder, and the second command lists the files in that folder and their details. In my case, it brings up something like this:

This shows that the owner of each folder is root, and the group assigned to each is wheel (a group reserved for administrators). Let's say I want to be the owner of the file, and I want to give a group (my family) access to those files. To do so, I'd then run chown, which stands for "Change Owner:"

chown -R donald Movies

This changes the owner of the Movies folder to the user donald. The -R flag makes it recursive, which means it'll also change the owner for every folder and file within Movies (so I also own each of my movies, not just the folder they're in). To make sure it worked properly, you can always run ls -l again to see:

How to Change the Group Associated with a File

Changing the group is similar to changing the owner. Let's say I wanted to assign my family group to all of my movies (so my family could watch these movies on their own computers). To do so, I'd run the following command:

chgrp -R family Movies

This command changes the group of the Movies folder and its contents to family. Again, repeat this process for all other folders you want them to access.

The Permissions: Read, Write, and Execute

The players are only the first half of the equation. The next thing you need to worry about is the actual permissions. For a given file or folder, you have three things to worry about:

What the owner of the file can do with it

What its group can do with it

What the public can do with it

Let's go back to our example of the movies folder. If we go back and ls -l to see those files, we're given this output:

See that drwxrwxr-x gibberish on the right? That's actually the list of permissions for each folder. d means the file is a directory. After that, the first three letters (rwx) are what the owner can do with that file. The second three letters show what the group can do, and the last three letters show what the public can do. r gives read permissions, w gives write permissions, and x gives execute permissions (which allows them to open folders or execute programs). A dash (-) indicates that a certain permission has not been given.

So, in the above case, these files can be read and written to by donald and family (rwxrwx), but only read by the public (r-x). We probably want to change that, since we don't want the family to write to the files, and don't want the public to see anything at all. So, we can change those permissions by running:

chmod -R 750 Movies

This changes those permissions to drwxr-x---, meaning the owner donald can do anything (rwx), the group family can read and execute files (r-x), and the public can do nothing (---).

So how did we come up with the number 750 in the above command? Each digit represents one of the players: the owner, the group, and the public. The permissions create the digits like this:

r=4, w=2, x=1, and rwx=7

Since we wanted the owner to do everything, the first digit becomes a 7. The group can read and execute, which is 4+1=5. The public can do nothing, which is 0. Thus, we give the file permission 750. Make sense? If we wanted the group to be able to read, write, and execute, but still keep the public out, we'd instead run:

chmod -R 770 Movies
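
To check your arithmetic, here is a small script (an added example, not part of the original article) that turns the letters ls -l shows into the number chmod expects. The name mode_to_octal is made up for this example.

```shell
#!/bin/sh
# Added example: turn the permission letters from `ls -l` into the number
# chmod expects, using the article's values r=4, w=2, x=1.
# mode_to_octal is a hypothetical helper name, not a standard command.
mode_to_octal() {
    perms=${1%[+@.]}                 # drop the ACL/attribute marker some systems append
    if [ "${#perms}" -eq 10 ]; then
        perms=${perms#?}             # drop the type flag (d for a directory, - for a file)
    fi
    if [ "${#perms}" -ne 9 ]; then
        echo "expected nine permission letters, got: $1" >&2
        return 1
    fi
    result=""
    # Take three letters at a time: owner, then group, then public.
    while [ -n "$perms" ]; do
        rest=${perms#???}
        triplet=${perms%"$rest"}
        perms=$rest
        digit=0
        # Special letters such as s or t are beyond the basics covered here
        # and are rejected rather than guessed at.
        case $triplet in r??) digit=$((digit + 4)) ;; -??) ;; *) return 1 ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; ?-?) ;; *) return 1 ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; ??-) ;; *) return 1 ;; esac
        result="$result$digit"
    done
    echo "$result"
}

mode_to_octal drwxrwxr-x   # the Movies folder before the change
mode_to_octal drwxr-x---   # the same folder after chmod -R 750
```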

It all depends on what you want to do. Repeat this process for the other files and folders you want to tweak, and you'll be well on your way to a safer, more secure set of shared files.
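
One refinement, shown as an added example that is not from the original article: chmod -R 750 also marks every movie file as executable, which only folders actually need. The script below sets folders and files separately and then lists anything still too open. The function names are made up, and it runs on a constructed sample folder rather than your real /mnt/Media.

```shell
#!/bin/sh
# Added example. "chmod -R 750" gives x to plain files too; only folders need
# x (to be opened). Files get 640 instead: owner rw-, group r--, public ---.
lock_down_share() {   # usage: lock_down_share <folder>  (hypothetical name)
    find "$1" -type d -exec chmod 750 {} +
    find "$1" -type f -exec chmod 640 {} +
}

# Print anything the public can read, write or execute, or the group can
# write to. Symbolic links are skipped because their own mode is not used.
audit_share() {       # usage: audit_share <folder>  (hypothetical name)
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \) -print
}

# Constructed sample tree standing in for the Movies folder, left wide open
# at 777 the way the reader's question proposes.
demo() {
    share=$(mktemp -d)
    mkdir -p "$share/Movies/Cartoons"
    : > "$share/Movies/Cartoons/short.mkv"
    chmod -R 777 "$share/Movies"
    echo "Too open before: $(audit_share "$share/Movies" | wc -l)"
    lock_down_share "$share/Movies"
    echo "Too open after:  $(audit_share "$share/Movies" | wc -l)"
    rm -rf "$share"
}
demo
```

Run audit_share again after copying new files onto the server, since new files do not inherit the modes set here.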

Sincerely, Lifehacker

Title image remixed from kuzzie (Shutterstock) and file404 (Shutterstock).